Merge pull request #21 from PnX-SI/develop

Develop
PnX-SI · Feb 27, 2019 · 6f5fca1 · 6f5fca1
2 parents a9717d1 + dd539f4
commit 6f5fca1
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 13 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.3.1
+1.3.2
diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -1,6 +1,18 @@
 CHANGELOG
 *********
 
+1.3.2 (2019-02-27)
+------------------
+
+**Nouveautés**
+
+* Ajout d'un callback de redirection lorsque les droits sont insuffisants sur le décorateur ``check_auth`` (``redirect_on_insufficient_right``)
+
+**Corrections**
+
+* Correction de conflit d'authentification et de permissions entre les différentes application utilisant le sous-module sur le même domaine (vérification que le token corespond à l'application courante).
+Note pour les développeurs: ce conflit est corrigé en ajoutant le paramètre ``ID_APP`` à l'application. La vérification que le token corespond bien à l'application courante n'est pas assuré si ce paramètre n'est pas passé pour des raisons de rétro-compatibilité.
+
 1.3.1 (2019-01-15)
 ------------------
 

diff --git a/src/pypnusershub/db/tools.py b/src/pypnusershub/db/tools.py
@@ -5,6 +5,7 @@
 """
     DB tools not related to any model in particular.
 """
+import logging
 
 from flask import current_app
 
@@ -17,6 +18,8 @@
 from pypnusershub.db import models, db
 from pypnusershub.utils import text_resource_stream
 
+log = logging.getLogger(__name__)
+
 
 class AccessRightsError(Exception):
     pass
@@ -45,17 +48,17 @@ class UnreadableAccessRightsError(AccessRightsError):
 #         engine.execute("COMMIT")
 
 
-def delete_schema(con_uri):
+# def delete_schema(con_uri):
 
-    engine = sa.create_engine(con_uri)
-    with engine.connect():
-        engine.execute("DROP SCHEMA IF EXISTS utilisateurs CASCADE")
-        engine.execute("COMMIT")
+#     engine = sa.create_engine(con_uri)
+#     with engine.connect():
+#         engine.execute("DROP SCHEMA IF EXISTS utilisateurs CASCADE")
+#         engine.execute("COMMIT")
 
 
-def reset_schema(con_uri):
-    delete_schema(con_uri)
-    init_schema(con_uri)
+# def reset_schema(con_uri):
+#     delete_schema(con_uri)
+#     init_schema(con_uri)
 
 
 def load_fixtures(con_uri):
@@ -80,6 +83,17 @@ def user_from_token(token, secret_key=None):
 
         id_role = data['id_role']
         id_app = data['id_application']
+        id_app_from_config = current_app.config.get('ID_APP', None)
+        # check that the id_app from the token well corespond to the current_app id_application
+        # for prevent conflit of token between applications on the same domain
+        # if no ID_APP is passed to the app config, we don't check the conformiity of the token
+        # for retro-compatibility reasons
+        if id_app_from_config:
+            if id_app != id_app_from_config:
+                log.info('Invalid token: the token not corespoding to the current app')
+                raise UnreadableAccessRightsError(
+                    'Token BadSignature', 403
+                )
         return (models.AppUser
                       .query
                       .filter(models.AppUser.id_role == id_role)

diff --git a/src/pypnusershub/routes.py b/src/pypnusershub/routes.py
@@ -103,6 +103,7 @@ def check_auth(
     get_role=False,
     redirect_on_expiration=None,
     redirect_on_invalid_token=None,
+    redirect_on_insufficient_right=None
 ):
     def _check_auth(fn):
         @wraps(fn)
@@ -113,9 +114,9 @@ def __check_auth(*args, **kwargs):
 
                 if user.id_droit_max < level:
                     #HACK better name for callback if right are low
-                    if redirect_on_invalid_token:
+                    if redirect_on_insufficient_right:
                         log.info('Privilege too low')
-                        res = redirect(redirect_on_invalid_token, code=302)
+                        return redirect(redirect_on_insufficient_right, code=302)
                     return Response('Forbidden', 403)
 
                 if get_role:
@@ -142,11 +143,11 @@ def __check_auth(*args, **kwargs):
 
             except UnreadableAccessRightsError:
                 log.info('Invalid Token : BadSignature')
-                # invalid token,
+                # invalid token
                 if redirect_on_invalid_token:
                     res = redirect(redirect_on_invalid_token, code=302)
                 else:
-                    res = Response('Token BadSignature', 403)
+                    res = Response('Token BadSignature or token not coresponding to the app', 403)
                 res.set_cookie('token', '', expires=0)
                 return res